Vendor Risk: Lessons from the Anthropic Mythos Breach

May 7, 2026 | 5 minute read

On the morning Anthropic launched Mythos, one of the most advanced artificial intelligence (AI) coding models released to date, reporting suggests a private Discord group was already inside. They didn't break the encryption. They didn't compromise Anthropic's network. They inferred the URL based on Anthropic's naming conventions, used credentials belonging to a contractor working in a third-party vendor environment, and gained access on launch day.

Anthropic is widely regarded as among the most security-conscious of technology companies. We can assume they performed vendor due diligence on the contractor in question. The breach happened anyway, on launch day.

For those of us managing assets on behalf of universities, foundations, and other institutions, the lesson here is not that vendor due diligence failed. It is simply scoped too narrowly and performed too infrequently for the risk environment we now operate in.

What current practice gets right

The standard playbook for vendor due diligence in our industry, built around frameworks like SOC 2[1] and ISO 27001[2], supplemented by financial stability checks, reference calls, and questionnaires, is not a paper exercise. It surfaces vendors who can't demonstrate basic security hygiene, who lack the financial wherewithal to deliver on multi-year commitments, or whose track record wouldn't survive a reference call.

We are not arguing for less of it. Vendors who fail at this level don’t get hired. The question this piece is asking is not whether the baseline is necessary. It is whether the baseline is sufficient.

Where vendor due diligence stops one step too early

The Mythos breach highlights two weaknesses in current vendor risk management practices.

The first is fourth-party risk. When a firm performs vendor due diligence, the assessment is typically focused on the direct counterparty. We review their security posture, their financial stability, their governance, and their track record. What we cannot do with comparable rigor is review every contractor and subcontractor behind them.

The Mythos breach is a useful illustration. Reporting on the incident indicates that unauthorized access was enabled through a third-party vendor environment, rather than a direct breach of Anthropic's systems. The enabling condition extends beyond this single incident: information and access move through multi-layer vendor relationships that organizations cannot fully see. By the time the consequences arrive, information may have passed through several hands.

The practice implication is straightforward: treat the vendor risk management program of each direct vendor with sensitive access as a primary object of assessment. No firm can perform diligence on every contractor and subcontractor behind its vendors. But we do ask each critical vendor to explain how they assess their own vendors, and we treat the strength of that program as a meaningful input to the overall decision. A vendor with a sophisticated and documented program for managing the layer beneath them is, in effect, doing diligence work on our behalf.

The second weakness is timing. Vendor due diligence is often performed prior to onboarding and revisited on a periodic basis, most commonly at contract renewal, if it is revisited at all. The Mythos breach happened on launch day, weeks or months after any onboarding review of the contractor would have been completed. The conditions that warranted a clean review at onboarding may no longer hold when something goes wrong.

Vendor risk is a state, not an event

Treating it as an event leaves long stretches of time during which we are operating on assumptions that may no longer hold.

At Commonfund, as part of our risk management practices, vendors with access to client data or personally identifiable information are subject to annual reassessment, regardless of contract status. We supplement that cadence with real-time monitoring of media coverage involving our vendors, which surfaces events that would warrant reassessment outside the normal cycle.

Why this matters more than it used to

What has changed in the past year is the threat environment.

Mythos itself illustrates the shift. Public reporting describes the model identifying a decades-old vulnerability in OpenBSD, and describes third parties, including Mozilla, using it to find and patch hundreds of vulnerabilities in Firefox. The defensive value is real. But the same capability, in the hands of attackers, means that vulnerabilities which would previously have remained undiscovered for months or years can now be surfaced in hours.

This changes the math of vendor risk in two ways. First, the probability that any given weakness in a vendor's environment will be discovered and exploited has increased sharply because the cost of looking has collapsed. Second, once an adversary has gained initial access through any weakness in the chain, AI-assisted techniques allow them to move through networks, adapt to defenses, and chain exploits with speed and agility that human attackers cannot match.

The vendor risk practices described above were already worthwhile. They are now urgent.

The questions worth asking

The five questions below are not a complete vendor due diligence checklist. They are pressure tests, designed to surface the gaps that traditional reviews tend to miss. Vendors who struggle with them have told you something important.

The first question is foundational. Ask it of every vendor with sensitive access.

Do you have a documented vendor risk management program, and can you walk us through how you assess your own vendors?

A vendor who answers clearly and confidently is doing diligence work on your behalf at the next layer down. A vendor who cannot asks you to trust a chain you cannot see. If the answer to this first question is unsatisfying, the rest may not matter.

The next four test whether the answer to the first is real.

Could you produce, within 24 hours, a list of every subcontractor with access to our systems or data right now?

Vendors with mature access management can answer this almost immediately. Vendors who would need a week, or who cannot answer at all, have told you they do not know who has access to your information.

What is your incident notification policy when a breach occurs at one of your vendors, rather than at your firm directly?

Most vendor contracts contemplate notification when the vendor itself is breached. Far fewer address what happens when a breach occurs further upstream.

How do you provision and deprovision access for everyone with access to our systems, including employees, contractors, and subcontractors, and how quickly?

Mature programs handle full-time employee access well, because HR offboarding triggers it automatically. The harder cases are contractors and subcontractors, whose departures may not be flagged by any system. The Mythos breach may have involved this kind of credential, one that should have been revoked but was not.
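As an added example (not Commonfund's code, and not drawn from the reporting the post cites), the following script shows what backs a good answer to two of the questions above: the 24-hour subcontractor inventory and the deprovisioning question. It reconciles an identity-provider export of active accounts against an engagement roster that covers employees, contractors and subcontractors with end dates, and flags accounts that should already have been revoked. All names, domains, dates and the 30-day idle threshold are constructed assumptions.

```python
"""Reconcile active accounts against the people who should still hold them.

Constructed sample data: an identity-provider export of active accounts and a
roster of employees, contractors and subcontractors with engagement end dates.
An account is flagged when its owner is not on the roster, when the owner's
engagement has ended, or when it has sat idle past a threshold.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Account:
    username: str
    owner_email: str
    last_login: date


@dataclass(frozen=True)
class Engagement:
    email: str
    party: str                 # employing organisation: the vendor or a subcontractor
    kind: str                  # "employee", "contractor" or "subcontractor"
    end_date: Optional[date]   # None means the engagement is still open


# Constructed sample: the day of the review and an IdP export of active accounts.
TODAY = date(2026, 5, 7)
ACCOUNTS = [
    Account("a.lee", "a.lee@vendor.example", date(2026, 5, 6)),
    Account("j.park", "j.park@vendor.example", date(2026, 5, 5)),      # contractor whose engagement ended
    Account("m.ruiz", "m.ruiz@subco.example", date(2026, 5, 6)),      # active subcontractor
    Account("svc-build", "nobody@vendor.example", date(2026, 2, 1)),  # nobody on the roster owns it
    Account("k.osei", "k.osei@subco.example", date(2026, 3, 1)),      # subcontractor, long idle
]

# Constructed sample: the roster HR and procurement maintain.  Note that HR
# offboarding covers only the "employee" rows; the rest rely on end dates.
ROSTER = [
    Engagement("a.lee@vendor.example", "Vendor Inc", "employee", None),
    Engagement("j.park@vendor.example", "Vendor Inc", "contractor", date(2026, 3, 31)),
    Engagement("m.ruiz@subco.example", "SubCo LLC", "subcontractor", None),
    Engagement("k.osei@subco.example", "SubCo LLC", "subcontractor", None),
]


def stale_accounts(accounts: List[Account], roster: List[Engagement],
                   today: date, max_idle_days: int = 30) -> List[Tuple[Account, str]]:
    """Return (account, reason) pairs for accounts that should be deprovisioned."""
    by_email = {e.email: e for e in roster}
    findings = []
    for acct in accounts:
        eng = by_email.get(acct.owner_email)
        if eng is None:
            # An account with no owner on the roster is exactly the credential
            # nobody's offboarding process will ever touch.
            findings.append((acct, "no matching engagement on roster"))
        elif eng.end_date is not None and eng.end_date < today:
            findings.append((acct, f"{eng.kind} engagement ended {eng.end_date}"))
        elif today - acct.last_login > timedelta(days=max_idle_days):
            findings.append((acct, f"idle for more than {max_idle_days} days"))
    return findings


def access_inventory(accounts: List[Account], roster: List[Engagement]) -> Dict[str, List[str]]:
    """Answer 'who has access right now', grouped by the party that employs them."""
    by_email = {e.email: e for e in roster}
    inventory: Dict[str, List[str]] = {}
    for acct in accounts:
        eng = by_email.get(acct.owner_email)
        party = eng.party if eng is not None else "UNKNOWN"
        inventory.setdefault(party, []).append(acct.username)
    return {party: sorted(users) for party, users in inventory.items()}


if __name__ == "__main__":
    for party, users in access_inventory(ACCOUNTS, ROSTER).items():
        print(f"{party}: {', '.join(users)}")
    for acct, reason in stale_accounts(ACCOUNTS, ROSTER, TODAY):
        print(f"REVOKE {acct.username}: {reason}")
```

The inventory function is what lets a vendor answer the 24-hour question from data rather than memory; the reconciliation function is what turns a contractor's end date into a revocation even when no HR event fires. A vendor that can run something like this on demand, against its real identity provider, has a credible answer to both questions.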

What AI tools do your employees and contractors use in providing services to us, and how is that use governed?

Most vendor contracts predate the explosion of AI tooling and are silent on the question. AI tools change what data flows where and through which intermediaries. A vendor who cannot answer has not yet thought about it.

What this is for

The institutions whose endowments and operating reserves we safeguard did not ask to be exposed to the contractors behind their custodian's software providers, or to the AI tools their administrators' employees use, or to the breach intelligence that travels through chains of vendors none of us can fully see. They asked us to manage their assets prudently, and to make decisions on their behalf about whom to trust.

Vendor risk management is one of the places where that trust is concretely earned or lost. The framework described in this piece will not catch every potential failure. No framework will. But asking the right questions of our direct vendors, expecting them to ask similar questions of theirs, and treating vendor risk as a continuous obligation rather than a periodic checklist puts us in a better position than waiting for the next breach to tell us where the gaps were.

The Mythos story will not be the last of its kind. The next breach will take a different path. Our responsibility remains the same.

[1] https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2
[2] https://www.iso.org/standard/27001

Author: Brian Rondeau, Chief Risk Officer

Disclaimer

Certain information contained herein has been obtained from or is based on third-party sources and, although believed to be reliable, has not been independently verified. Such information is as of the date indicated, if indicated, may not be complete, is subject to change and has not necessarily been updated. No representation or warranty, express or implied, is or will be given by The Common Fund for Nonprofit Organizations, any of its affiliates or any of its or their affiliates, trustees, directors, officers, employees or advisers (collectively referred to herein as “Commonfund”) or any other person as to the accuracy or completeness of the information in any third-party materials. Accordingly, Commonfund shall not be liable for any direct, indirect or consequential loss or damage suffered by any person as a result of relying on any statement in, or omission from, such third-party materials, and any such liability is expressly disclaimed.

All rights to the trademarks, copyrights, logos and other intellectual property listed herein belong to their respective owners and the use of such logos hereof does not imply an affiliation with, or endorsement by, the owners of such trademarks, copyrights, logos and other intellectual property.

To the extent views presented forecast market activity, they may be based on many factors in addition to those explicitly stated herein. Forecasts of experts inevitably differ. Views attributed to third-parties are presented to demonstrate the existence of points of view, not as a basis for recommendations or as investment advice. Market and investment views of third-parties presented herein do not necessarily reflect the views of Commonfund, any manager retained by Commonfund to manage any investments for Commonfund (each, a “Manager”) or any fund managed by any Commonfund entity (each, a “Fund”). Accordingly, the views presented herein may not be relied upon as an indication of trading intent on behalf of Commonfund, any Manager or any Fund.

Statements concerning Commonfund’s views of possible future outcomes in any investment asset class or market, or of possible future economic developments, are not intended, and should not be construed, as forecasts or predictions of the future investment performance of any Fund. Such statements are also not intended as recommendations by any Commonfund entity or any Commonfund employee to the recipient of the presentation. It is Commonfund’s policy that investment recommendations to its clients must be based on the investment objectives and risk tolerances of each individual client. All market outlook and similar statements are based upon information reasonably available as of the date of this presentation (unless an earlier date is stated with regard to particular information), and reasonably believed to be accurate by Commonfund. Commonfund disclaims any responsibility to provide the recipient of this presentation with updated or corrected information or statements. Past performance is not indicative of future results. For more information please refer to Important Disclosures.
